The security of a data center, it is the security of your data or those of your clients. Do not be fooled by security pretexts, often marketing elsewhere, to avoid questions about the real conditions of operation and maintenance of the sites of your hosting provider.
Data centers are the factories of modern times. They host Internet: websites, emails, data and photos of the individuals; but enterprise data. At a time of centralization of IT and cloud computing, they become the digital economy keystone. A failure of a data center, and thousands of people can be private network, telephone, emails or data.
However, we do not know well their safety. Often under the pretext of confidentiality, some data center operators communicating little information on their thermal architecture, electric, and the failures encountered. This communication is rather made by users who have to suffer an outage. There is no standard defining the security of a data center.
Criteria based on the data center architecture allows a private organization, the Uptime Institute, classifying data centers. They are categorized as “Tier I” to “Tier IV”. However, these categories are often used wrongly and without control by the designers of data centers. In addition, they do not take into account new data center configurations and operating processes.
In order to know the security of its data center, here are some basic questions that it seems useful to ask his host:
– Thermal security is often the most neglected element, and it is the cause of many failures. For a 1 MW data center computing power, if the cooling system does not work, it’s 1 MW of heat that builds up and raises the temperature room. How are cooled machines? Is it through a chilled water circulation system in a raised floor? Is ice water directly into the machines? Is the recycled air conditioning? The cooling by the ambient air? What are the outdoor temperature ranges for which the system is designed? What is happening in the case of water leakage if water is used?
It is necessary to check the fault tolerance of the cooling system. Is the network doubled? Are cold production units redundant?
– Electrical safety must be examined from the high voltage to computer servers. How many high-voltage power sources does your data center have? high-voltage cables they are lined on two different courses? A fire hazard exists on the high-voltage transformers: are protected against fire? Are they dubbed? Many data centers have only one general low voltage: is it the case of yours? Are computer rooms protected electrical brownouts; that is to say, does the inverters are used constantly? What are the procedures for maintenance and servicing of energy storage systems such as batteries? How are sized generators? Can they help the entire data center or just the power of computing? What is the available fuel reserve?
At electric windows, how many are distributed power sources? Is it different phases of the same channel, which does not represent a security; or channels produced by separate inverters? Are the computer servers connected to two separate sources?
– Fiber optic networks in data centers must also be secure. How much fiber optics supply systems are present? Optical fiber paths are they disjoint from beginning to end: on the street and in the building? Operator points of presence to customers berries?
Other security features can be examined: access control, video surveillance, fire detection, sprinkler. A key element is the presence of personnel on site: security agents, maintenance personnel but also, optical fiber welders, technicians and network systems. Put into production procedures, maintenance, service, penalty must be clearly defined and enforced. For guidance on the quality of the operation, a visit is useful: the site must be clean and empty boxes should not be in theaters. The access doors to the rooms and windows must be closed, well ordered and labeled wiring. The rooms, technical and local bays shall be clearly marked.
One can never be certain that an incident will not occur in a data center. However it is quite essential to be very demanding vis-à-vis its host in terms of security, availability and operating conditions. Safety is not to be walled up in underground and hide behind professional secrecy. Security is above all a question of means and processes but also clear and transparent communication with its clients